CVE-2024-25029
Published 2024-04-06
Priority: P2 · 60 · critical
CVSS 3.1: 10 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS: 0.79% (51.6th percentile)
IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | personal_communications | — | — |
| ibm | personal_communications | — | — |
| ibm | personal_communications | — | — |
| ibm | personal_communications | — | — |
| ibm | personal_communications | 14.0.6 – 15.0.1 | — |
GHSA
GHSA-w9x5-m47g-3gx6: IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE)
ghsa_unreviewed · 2025-04-08 · CVSS 9.0
CVE-2025-1095 [CRITICAL] CWE-119
IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029.
GHSA
GHSA-2gfj-2fgr-3hmh: IBM Personal Communications 14
ghsa_unreviewed · 2024-04-06
CVE-2024-25029 [CRITICAL] CWE-119
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.